March 27th, 2009 20:00

Scamware "Spyware Protect 2009" and false Internet Explorer Warnings, Toolbar missing

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2005 8:30:21 PM
System Uptime: 3/27/2009 5:22:27 PM (2 hours ago)

Motherboard: Dell Inc. |  | 0WF351
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1728/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 11.32 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
Anki
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs 2
Combined Community Codec Pack 2006-07-28 (Remove Only)
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Corel Painter Essentials 2
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
EducateU
EPSON Printer Software
EPSON SPR1800 Reference Guide
ESPNMotion
eSupportQFolder
FATE
GemMaster Mystic
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 10
Learn2 Player (Uninstall Only)
Macromedia Flash Player
McAfee SecurityCenter
McAfee Shredder
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office OneNote 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
MonacoEZcolor Demo
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Netflix Movie Viewer
NetWaiting
nik Color Efex Pro 2.0 IE
Otto
P.I.M. II Plug-In
Panda ActiveScan
Picasa 3
PirateFish5
PowerDVD 5.5
Premium ICC Color Profiles
Qualxserve Service Agreement
QuickSet
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spyware Doctor 6.0
Tablet
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
XviD 1.1 final uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/20/2009 7:43:09 AM, error: PSched [14103]  - QoS [Adapter {1348ABA3-A87F-4699-AFB9-18C0B1CDF15D}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
3/21/2009 8:15:40 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
3/23/2009 8:10:28 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/24/2009 8:15:07 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
3/25/2009 10:14:58 AM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 1 time(s).
3/26/2009 10:21:26 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
3/26/2009 10:21:26 AM, error: Service Control Manager [7000]  - The Viewpoint Manager Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/26/2009 1:22:28 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/26/2009 1:23:48 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
3/26/2009 9:01:41 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/26/2009 9:01:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
3/26/2009 9:02:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/26/2009 9:03:33 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

==== End Of File ===========================

and,
DDS (Ver_09-03-16.01) - NTFSx86  
Run by Allena Hail at 19:24:22.04 on Fri 03/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1317 [GMT -7:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Allena Hail\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll
BHO: : {1fb12d5c-7267-4860-a56f-42719898b93f} - c:\windows\system32\yoigusa.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector
uRun: [system tool] c:\windows\sysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ ] 
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_10\bin\jusched.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07}
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\allena~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167505897703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: zmcnqxcq - yoigusa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-3-27 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-3-27 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-3-27 81288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-14 213640]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-14 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-14 144704]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-27 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-27 1079176]
R2 tulqfoep;Disk Support;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-14 40552]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-6-18 24652]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-14 34216]
=============== Created Last 30 ================
2009-03-27 17:05 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-03-27 17:05 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-03-27 17:05 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-03-27 17:05 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-03-27 17:05 --d----- c:\program files\Spyware Doctor
2009-03-27 17:05 --d----- c:\docume~1\allena~1\applic~1\PC Tools
2009-03-27 08:09 --d----- c:\docume~1\allena~1\applic~1\kzhyqqby
2009-03-26 16:28 --d----- c:\docume~1\allena~1\applic~1\McAfee
2009-03-26 16:12 --dsh--- c:\documents and settings\allena hail\PrivacIE
2009-03-26 13:56 --dsh--- c:\documents and settings\allena hail\IETldCache
2009-03-26 12:52 --d----- c:\windows\ie8updates
2009-03-26 12:46 -cd-h--- c:\windows\ie8
2009-03-26 12:45 --d-h--- c:\windows\msdownld.tmp
2009-03-26 12:44 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 22:55 10,752 a------- c:\windows\system32\iehelper.dll
2009-03-24 20:58 --d----- c:\program files\WinPcap
2009-03-24 20:55 353,808 a------- c:\windows\sysguard.exe
2009-03-24 20:55 --dsh--- c:\windows\system32\lowsec
2009-03-15 01:07 --d----- c:\program files\iPod
2009-03-15 01:07 --d----- c:\program files\iTunes
2009-03-15 01:07 --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
==================== Find3M  ====================
2009-03-27 16:53 17,159 a------- c:\windows\system32\tablet.dat
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 134,144 -------- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 18:20 1,497,088 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 18:20 1,022,976 -------- c:\windows\system32\dllcache\browseui.dll
2009-01-07 18:20 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2009-01-05 15:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2009-01-01 14:50 1,390,118 a------- c:\program files\ypops-win-0.9.5.14.exe
2008-04-26 11:59 13,934,776 a------- c:\program files\Install_AIM.exe
2007-10-14 18:23 51,422,520 a------- c:\program files\iTunes743Setup.exe
2007-03-10 14:36 37,844,544 a------- c:\program files\iTunesSetup.exe
1999-07-06 17:00 6 ---shr-- c:\windows\@@desktop.dat
2007-03-06 10:49 56 ---shr-- c:\windows\system32\CFB1E89BFF.sys
2006-01-05 13:51 215,420 ---sh--- c:\windows\system32\jmllm.bak1
2006-01-10 18:40 203,654 ---sh--- c:\windows\system32\jmllm.bak2
2006-01-10 18:44 201,912 ---sh--- c:\windows\system32\jmllm.ini2
2007-03-06 10:49 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-29 13:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat
============= FINISH: 19:26:34.21 ===============
My toolbar is missing, and because the icons on my desktop are hidden I have to run all programs through Task Manager. Internet Explorer is being blocked by that "Spyware Protect" malice on so many websites that I had to come here through Safari. I was unable to run HijackThis, and was given another program to use to make this log. I'm glad it worked! Thank you!
How does it look?
New: My toolbar popped up when I deleted that program like you said. McAfee is running a scan for kicks and giggles, but I doubt it will do much. 
Just an update. Thank you!
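A triage pass over the Pseudo HJT Report above, added here as an example; it is not code from this thread, from DDS or from its author. It parses a handful of the posted lines (copied into the script as a constructed sample) and flags four things a reviewer would look at first: a Winlogon Userinit value that is not the stock XP one, an autostart .exe sitting directly in the Windows directory, a BHO registered without a display name, and a DLL that appears both as a BHO and as a Winlogon Notify package. The default Userinit string, the location of the Windows directory and each flagging rule are assumptions stated in the comments; the output is a list to review by hand, not a verdict on the machine.

```python
"""Triage a DDS "Pseudo HJT Report" for persistence entries worth a second look.

Added example, not part of the original thread or of DDS itself. Every check
is a heuristic (an assumption about what a clean XP box looks like).
"""
import ntpath
import re

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_REPORT = r"""
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll
BHO: : {1fb12d5c-7267-4860-a56f-42719898b93f} - c:\windows\system32\yoigusa.dll
BHO: BHO: {abd42510-9b22-41cd-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
Notify: igfxcui - igfxdev.dll
Notify: zmcnqxcq - yoigusa.dll
"""

# Assumption: the stock Windows XP Userinit value, trailing comma included.
# Anything else runs on every interactive logon before the shell does.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"
# Assumption: the Windows directory is c:\windows.
WINDOWS_ROOT = r"c:\windows"

_RE_USERINIT = re.compile(r"^mWinlogon:\s*userinit=(.+)$", re.I)
# Name is optional: DDS prints "BHO: {clsid} - path" when the CLSID has no name.
_RE_BHO = re.compile(r"^BHO:\s*(?:(.*?):\s*)?(\{[0-9a-f-]{36}\})\s*-\s*(.+)$", re.I)
_RE_RUN = re.compile(r"^([udm]Run(?:Once)?):\s*\[(.*?)\]\s*(.*)$")
_RE_NOTIFY = re.compile(r"^Notify:\s*(.*?)\s*-\s*(.+)$", re.I)


def image_path(command: str) -> str:
    """Return the executable part of a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.*?\.exe)", command, re.I)
    return match.group(1) if match else command


def triage(report: str) -> list:
    """Return (check, detail) pairs for entries that deserve a manual look."""
    findings = []
    bho_dlls = {}     # dll basename -> clsid
    notify_dlls = {}  # dll basename -> notify package name

    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue

        m = _RE_USERINIT.match(line)
        if m:
            value = m.group(1).strip().lower()
            if value != DEFAULT_USERINIT:
                findings.append(("userinit-not-default", value))
            continue

        m = _RE_BHO.match(line)
        if m:
            name = (m.group(1) or "").strip()
            clsid, path = m.group(2), m.group(3).strip()
            bho_dlls[ntpath.basename(path).lower()] = clsid
            # Heuristic: no display name, or a name that is just "BHO", means the
            # object was registered without the usual product metadata.
            if name == "" or name.upper() == "BHO":
                findings.append(("bho-unnamed", f"{clsid} - {path}"))
            continue

        m = _RE_RUN.match(line)
        if m:
            exe = image_path(m.group(3))
            # Heuristic: autostart binaries normally live in system32 or under
            # Program Files; a bare .exe dropped in the Windows root is unusual.
            if ntpath.dirname(exe).lower().rstrip("\\") == WINDOWS_ROOT:
                findings.append(("run-in-windows-root", line))
            continue

        m = _RE_NOTIFY.match(line)
        if m:
            notify_dlls[ntpath.basename(m.group(2).strip()).lower()] = m.group(1)

    # Heuristic: one DLL registered both as a browser helper object and as a
    # Winlogon notification package gets loaded into IE and winlogon alike.
    for base in sorted(set(bho_dlls) & set(notify_dlls)):
        findings.append(("bho-also-notify", base))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_REPORT):
        print(f"{check:22} {detail}")
```

Run against the sample, the Userinit, sysguard.exe and yoigusa.dll entries are flagged while ctfmon.exe, the Intel igfxdev.dll notify package and the named Yahoo! BHO pass. The unnamed-BHO rule also trips on the McAfee SiteAdvisor BHO, which has no display name in the posted log; that false positive is why each rule is a prompt to go look, and why the real decision still rests on the file itself (publisher signature, creation date in the "Created Last 30" section, and what the DLL or EXE actually is).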

March 28th, 2009 06:00

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

 

15 Posts
March 28th, 2009 09:00

I did post in another forum, and you directed me here. Link to previous http://en.community.dell.com/forums/p/19266117/19456089.aspx#19456089

I have not disabled System Restore, but for some reason I do not have any backup dates. As far as I know, it is enabled.

I do not think I have any cracked software.

I have removed my P2P programs. 

This is my computer.

I have not been able to run HijackThis, so no fixes were made.

Alright I think that's all. Looking forward to hearing from you!

Thank you!

 

3 Apprentice • 20.5K Posts
March 28th, 2009 11:00

Thank you for the information. P2P is probably what got you into this mess, but we will discuss that later.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE.

* ComboFix is not intended for use with servers.

3 Apprentice • 20.5K Posts
March 28th, 2009 16:00

Please delete that copy of ComboFix. Let's download a different copy.

Download Combofix from any of the links below. You must rename it allen.exe before saving it. Save it to your desktop. If you cannot see the icon on your desktop, you will need to browse to it using Windows Explorer.

Link 1
Link 2
Link 3
Be sure to disable anti-virus and anti-spyware programs before running ComboFix.
Double click on allen.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

15 Posts
March 28th, 2009 16:00

I disabled my firewall and antivirus software, and got the instructions for ComboFix and downloaded it.

I cannot open ComboFix with all windows closed because I can't figure out how to turn the icons on my desktop back on. Currently ComboFix won't run when I try and open it. Do you have any idea why this is or how to fix it?

Thank you!

15 Posts
March 29th, 2009 11:00

ComboFix 09-03-28.06 - Allena Hail 2009-03-29  9:38:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1500 [GMT -7:00]
Running from: c:\documents and settings\Allena Hail\Desktop\allen.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\svcho.exe
c:\windows\syssvc.exe
c:\windows\system32\drivers\UACjbomkmlq.sys
c:\windows\system32\iehelper.dll
c:\windows\system32\jmllm.bak1
c:\windows\system32\jmllm.bak2
c:\windows\system32\jmllm.ini
c:\windows\system32\jmllm.ini2
c:\windows\system32\jmllm.tmp
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\mcrh.tmp
c:\windows\system32\sdra64.exe
c:\windows\system32\UACegutpobr.dll
c:\windows\system32\UACenklyshh.log
c:\windows\system32\UACftavtfoy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdldonuq.dat
c:\windows\system32\UACllkwgkvk.dll
c:\windows\system32\UACmtlvwuhy.log
c:\windows\system32\UACnmmoydxn.log
c:\windows\system32\UACpjboxemm.dll
c:\windows\system32\UACrgfygths.dll
c:\windows\system32\yoigusa.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_TULQFOEP
-------\Service_tulqfoep


(((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-29  )))))))))))))))))))))))))))))))
.

2009-03-28 14:20 . 2009-03-28 14:20 d-------- c:\documents and settings\Allena Hail\Application Data\kzhyqqby
2009-03-27 17:06 . 2009-03-28 14:22 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 21:03 . 2009-03-26 21:03 d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-26 16:28 . 2009-03-26 16:28 d-------- c:\documents and settings\Allena Hail\Application Data\McAfee
2009-03-26 16:12 . 2009-03-26 16:12 d--hs---- c:\documents and settings\Allena Hail\PrivacIE
2009-03-26 14:18 . 2009-03-26 14:18 d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-26 13:56 . 2009-03-26 13:56 d--hs---- c:\documents and settings\Allena Hail\IETldCache
2009-03-26 12:52 . 2009-03-26 12:52 d-------- c:\windows\ie8updates
2009-03-26 12:46 . 2009-03-26 12:47 d--h-c--- c:\windows\ie8
2009-03-26 12:45 . 2009-03-26 12:52 d--h----- c:\windows\msdownld.tmp
2009-03-26 12:44 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 20:58 . 2009-03-24 20:58 d-------- c:\program files\WinPcap
2009-03-15 01:07 . 2009-03-15 01:08 d-------- c:\program files\iTunes
2009-03-15 01:07 . 2009-03-15 01:07 d-------- c:\program files\iPod
2009-03-15 01:07 . 2009-03-15 01:08 d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:04 . 2009-03-15 01:05 d-------- c:\program files\QuickTime
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-26 19:51 --------- d-----w c:\program files\Yahoo!
2009-03-26 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-03-26 19:50 --------- d--h--r c:\documents and settings\Allena Hail\Application Data\yahoo!
2009-03-26 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-26 17:20 --------- d-----w c:\program files\McAfee
2009-03-24 23:21 --------- d-----w c:\documents and settings\Allena Hail\Application Data\SiteAdvisor
2009-03-15 08:07 --------- d-----w c:\program files\Common Files\Apple
2009-03-11 01:15 --------- d-----w c:\documents and settings\Allena Hail\Application Data\uTorrent
2009-02-17 08:09 --------- d-----w c:\program files\Google
2009-02-04 06:23 --------- d-----w c:\program files\Anki
2009-01-01 21:50 1,390,118 ----a-w c:\program files\ypops-win-0.9.5.14.exe
2008-04-26 18:59 13,934,776 ----a-w c:\program files\Install_AIM.exe
2007-10-15 01:23 51,422,520 ----a-w c:\program files\iTunes743Setup.exe
2007-03-10 21:36 37,844,544 ----a-w c:\program files\iTunesSetup.exe
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2007-03-06 17:49 56 --sh--r c:\windows\system32\CFB1E89BFF.sys
2007-03-06 17:49 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-29 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AOL Toolbar 3.0\aoltb.dll" [2005-11-17 585728]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-07-05 4538368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Allena Hail\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-08 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-08 24576]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-12-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-18 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa559ce-090a-11dd-9f60-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-28 c:\windows\Tasks\At1.job
- c:\windows\system32\yoigusa.dll []

2009-03-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (FROST-Allena Hail).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1FB12D5C-7267-4860-A56F-42719898B93F} - c:\windows\system32\yoigusa.dll
HKCU-Run-system tool - c:\windows\sysguard.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 09:57:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\Tablet.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-29 10:02:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-29 17:01:54

Pre-Run: 16,342,073,344 bytes free
Post-Run: 16,570,417,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

284 --- E O F --- 2009-03-26 17:25:05

It worked!!
How does that look?
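The log above lists what ComboFix removed and the registry, firewall and scheduled-task state it found. As an added example, not code from the original thread, from ComboFix or from the helper, the Python below applies the checks a reviewer makes when reading such a log: hidden plus system files under system32, the UAC-prefixed random names that fill the deletions list, Security Center and firewall policy values switched off, globally open ports, scheduled tasks whose target shows no file metadata, the orphaned Run and BHO entries, and removable-media AutoRun commands. SAMPLE_LOG is a constructed excerpt of lines from this thread with the forum spacing removed; the category names, the regular expressions and the reading of empty brackets after a task target as missing file metadata are the editor's assumptions, not ComboFix documentation.

```python
import re
from typing import Dict, List

# Constructed sample: a condensed excerpt modelled on the DDS and ComboFix lines
# posted in this thread (forum spacing removed), embedded so the script runs offline.
SAMPLE_LOG = r"""
2006-01-05 13:51 215,420 ---sh--- c:\windows\system32\jmllm.bak1
2007-03-06 10:49 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
c:\windows\system32\drivers\UACjbomkmlq.sys
c:\windows\system32\UACegutpobr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
2009-03-28 c:\windows\Tasks\At1.job
- c:\windows\system32\yoigusa.dll []
2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
BHO-{1FB12D5C-7267-4860-A56F-42719898B93F} - c:\windows\system32\yoigusa.dll
HKCU-Run-system tool - c:\windows\sysguard.exe
\Shell\AutoRun\command - E:\setup.exe
"""

# "date time size attrs path" as DDS/Find3M print files; attrs carries a/s/h/r flags.
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([a-z-]{8})\s+(\S.*)$', re.I)
# Fixed "UAC" prefix plus eight random letters: the naming seen in the deletions list.
RANDOM_NAME_RE = re.compile(r'\\(UAC[a-z]{8}\.(?:dll|sys|log|dat))\b', re.I)
SETTING_RE = re.compile(r'^"(AntiVirusDisableNotify|DisableMonitoring|EnableFirewall)"\s*=\s*(?:dword:)?(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=')
TASK_TARGET_RE = re.compile(r'^- (.+?)\s+\[(.*)\]$')  # "- target [file metadata]"
ORPHAN_RE = re.compile(r'^(HKCU-Run|HKLM-Run|BHO)-(.+?) - (.+)$')
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command - (.+)$')


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group review prompts by category; every hit still needs a human verdict."""
    findings: Dict[str, List[str]] = {
        "hidden_system_files": [],  # +s +h files under system32
        "random_names": [],         # UAC* pattern from the deletions list
        "weakened_defenses": [],    # Security Center / firewall policy switched off
        "open_ports": [],           # globally opened inbound ports
        "orphaned_tasks": [],       # task whose target shows no file metadata
        "orphaned_autostarts": [],  # Run / BHO entries listed as orphans
        "autorun_commands": [],     # removable-media AutoRun commands
    }
    section = ""   # most recent [registry key] line, kept for context
    last_job = ""  # most recent .job line, paired with the "- target" line after it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif line.lower().endswith(".job"):
            last_job = line.split(" ", 1)[-1]
        elif (m := TASK_TARGET_RE.match(line)) and last_job:
            target, meta = m.groups()
            if not meta.strip():
                findings["orphaned_tasks"].append(f"{last_job} -> {target}")
            last_job = ""
        elif m := FILE_RE.match(line):
            attrs, path = m.group(1).lower(), m.group(2)
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                findings["hidden_system_files"].append(path)
        elif m := SETTING_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            if ((name.startswith("Disable") or name.endswith("DisableNotify")) and value == 1) \
                    or (name == "EnableFirewall" and value == 0):
                findings["weakened_defenses"].append(f"{name}={value} under {section}")
        elif m := PORT_RE.match(line):
            findings["open_ports"].append(f"{m.group(1)}/{m.group(2)}")
        elif m := ORPHAN_RE.match(line):
            kind, name, target = m.groups()
            findings["orphaned_autostarts"].append(f"{kind} '{name}' -> {target}")
        elif m := AUTORUN_RE.search(line):
            findings["autorun_commands"].append(m.group(1))
        if m := RANDOM_NAME_RE.search(line):  # any line that names a file
            findings["random_names"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"{category}: {item}")
```

Run it as a script to print one line per hit, or call triage() on a full log. Every hit is a prompt, not a verdict: the attribute check flags KGyGaAvL.sys and jmllm.bak1 alike, yet ComboFix removed only the jmllm.* files and left KGyGaAvL.sys in place, and the empty brackets after mcmnhdlr.exe in the McAfee scan task look the same as those after yoigusa.dll. The registry values it flags are a different matter: the log shows Security Center notifications silenced, McAfee monitoring hidden from it and the Windows Firewall standard profile off, all of which belong back at their defaults once cleanup is done, whoever changed them, while the Remote Desktop exception on TCP 3389 is worth confirming as intentional.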

3 Apprentice • 20.5K Posts
March 29th, 2009 12:00

Your log is so spaced out that it is difficult to read. Please try once more to post that.

Use Notepad and make sure Word Wrap is not checked in Notepad's Format menu. Thanks.

15 Posts
March 29th, 2009 17:00

I turned Word Wrap off in Notepad and here, I checked the preview and it looked normal. I don't know what else to try.

15 Posts
March 29th, 2009 17:00

 

ComboFix 09-03-28.06 - Allena Hail 2009-03-29  9:38:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1500 [GMT -7:00]
Running from: c:\documents and settings\Allena Hail\Desktop\allen.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\svcho.exe
c:\windows\syssvc.exe
c:\windows\system32\drivers\UACjbomkmlq.sys
c:\windows\system32\iehelper.dll
c:\windows\system32\jmllm.bak1
c:\windows\system32\jmllm.bak2
c:\windows\system32\jmllm.ini
c:\windows\system32\jmllm.ini2
c:\windows\system32\jmllm.tmp
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\mcrh.tmp
c:\windows\system32\sdra64.exe
c:\windows\system32\UACegutpobr.dll
c:\windows\system32\UACenklyshh.log
c:\windows\system32\UACftavtfoy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdldonuq.dat
c:\windows\system32\UACllkwgkvk.dll
c:\windows\system32\UACmtlvwuhy.log
c:\windows\system32\UACnmmoydxn.log
c:\windows\system32\UACpjboxemm.dll
c:\windows\system32\UACrgfygths.dll
c:\windows\system32\yoigusa.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_TULQFOEP
-------\Service_tulqfoep


(((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-29  )))))))))))))))))))))))))))))))
.

2009-03-28 14:20 . 2009-03-28 14:20 d-------- c:\documents and settings\Allena Hail\Application Data\kzhyqqby
2009-03-27 17:06 . 2009-03-28 14:22 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 21:03 . 2009-03-26 21:03 d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-26 16:28 . 2009-03-26 16:28 d-------- c:\documents and settings\Allena Hail\Application Data\McAfee
2009-03-26 16:12 . 2009-03-26 16:12 d--hs---- c:\documents and settings\Allena Hail\PrivacIE
2009-03-26 14:18 . 2009-03-26 14:18 d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-26 13:56 . 2009-03-26 13:56 d--hs---- c:\documents and settings\Allena Hail\IETldCache
2009-03-26 12:52 . 2009-03-26 12:52 d-------- c:\windows\ie8updates
2009-03-26 12:46 . 2009-03-26 12:47 d--h-c--- c:\windows\ie8
2009-03-26 12:45 . 2009-03-26 12:52 d--h----- c:\windows\msdownld.tmp
2009-03-26 12:44 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-24 20:58 . 2009-03-24 20:58 d-------- c:\program files\WinPcap
2009-03-15 01:07 . 2009-03-15 01:08 d-------- c:\program files\iTunes
2009-03-15 01:07 . 2009-03-15 01:07 d-------- c:\program files\iPod
2009-03-15 01:07 . 2009-03-15 01:08 d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 01:04 . 2009-03-15 01:05 d-------- c:\program files\QuickTime
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-26 19:51 --------- d-----w c:\program files\Yahoo!
2009-03-26 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-03-26 19:50 --------- d--h--r c:\documents and settings\Allena Hail\Application Data\yahoo!
2009-03-26 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-26 17:20 --------- d-----w c:\program files\McAfee
2009-03-24 23:21 --------- d-----w c:\documents and settings\Allena Hail\Application Data\SiteAdvisor
2009-03-15 08:07 --------- d-----w c:\program files\Common Files\Apple
2009-03-11 01:15 --------- d-----w c:\documents and settings\Allena Hail\Application Data\uTorrent
2009-02-17 08:09 --------- d-----w c:\program files\Google
2009-02-04 06:23 --------- d-----w c:\program files\Anki
2009-01-01 21:50 1,390,118 ----a-w c:\program files\ypops-win-0.9.5.14.exe
2008-04-26 18:59 13,934,776 ----a-w c:\program files\Install_AIM.exe
2007-10-15 01:23 51,422,520 ----a-w c:\program files\iTunes743Setup.exe
2007-03-10 21:36 37,844,544 ----a-w c:\program files\iTunesSetup.exe
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2007-03-06 17:49 56 --sh--r c:\windows\system32\CFB1E89BFF.sys
2007-03-06 17:49 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-29 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AOL Toolbar 3.0\aoltb.dll" [2005-11-17 585728]

[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-07-05 4538368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Allena Hail\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-08 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-08 24576]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-12-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-18 24652]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa559ce-090a-11dd-9f60-00038a000015}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

 

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-03-28 c:\windows\Tasks\At1.job

- c:\windows\system32\yoigusa.dll []

 

2009-03-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (FROST-Allena Hail).job

- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

 

2009-03-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

 

2009-03-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

 

2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{1FB12D5C-7267-4860-A56F-42719898B93F} - c:\windows\system32\yoigusa.dll

HKCU-Run-system tool - c:\windows\sysguard.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-29 09:57:08

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...  

 

scanning hidden autostart entries ... 

 

scanning hidden files ...  

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1028)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKEEPER.exe

c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

c:\progra~1\Intel\Wireless\Bin\1XConfig.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\windows\system32\Tablet.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\dllhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-03-29 10:02:05 - machine was rebooted

ComboFix-quarantined-files.txt  2009-03-29 17:01:54

 

Pre-Run: 16,342,073,344 bytes free

Post-Run: 16,570,417,152 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

 

284 --- E O F --- 2009-03-26 17:25:05
HERE

I think that worked?

 

3 Apprentice

20.5K Posts

March 29th, 2009 18:00

Disconnect from the internet....pull the plug!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.

Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below.

Do not copy the dotted lines.

** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces.

It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------


File::
c:\windows\Tasks\At1.job

Folder::
c:\documents and settings\Allena Hail\Application Data\kzhyqqby

 

----------------------------------------------------------------------------

Save this as CFScript.txt

(image hosted on Photobucket, not preserved: shows CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again.

Follow the same instructions you did before for running ComboFix.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

In your next reply, please post that log and let me know how things are running.

15 Posts

March 29th, 2009 19:00

ComboFix 09-03-28.06 - Allena Hail 2009-03-29 17:47:20.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1507 [GMT -7:00]

Running from: c:\documents and settings\Allena Hail\Desktop\allen.exe

Command switches used :: c:\documents and settings\Allena Hail\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *disabled*

 * Created a new restore point

 

FILE ::

c:\windows\Tasks\At1.job

.

 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Allena Hail\Application Data\kzhyqqby

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\profiles.ini

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\cert8.db

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\compatibility.ini

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\compreg.dat

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\cookies.sqlite

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\formhistory.sqlite

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\key3.db

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\localstore.rdf

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\permissions.sqlite

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\places.sqlite-journal

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\places.sqlite

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\pluginreg.dat

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\prefs.js

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\secmod.db

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\webappsstore.sqlite

c:\documents and settings\Allena Hail\Application Data\kzhyqqby\Profiles\7dabbwgo.default\xpti.dat

c:\windows\Tasks\At1.job

 

.

(((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-30  )))))))))))))))))))))))))))))))

.

 

2009-03-27 17:06 . 2009-03-28 14:22

d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-03-26 21:03 . 2009-03-26 21:03

d--hs---- c:\documents and settings\Administrator\IETldCache

2009-03-26 16:28 . 2009-03-26 16:28

d-------- c:\documents and settings\Allena Hail\Application Data\McAfee

2009-03-26 16:12 . 2009-03-26 16:12

d--hs---- c:\documents and settings\Allena Hail\PrivacIE

2009-03-26 14:18 . 2009-03-26 14:18

d--hs---- c:\windows\system32\config\systemprofile\IETldCache

2009-03-26 13:56 . 2009-03-26 13:56

d--hs---- c:\documents and settings\Allena Hail\IETldCache

2009-03-26 12:52 . 2009-03-26 12:52

d-------- c:\windows\ie8updates

2009-03-26 12:46 . 2009-03-26 12:47

d--h-c--- c:\windows\ie8

2009-03-26 12:45 . 2009-03-26 12:52

d--h----- c:\windows\msdownld.tmp

2009-03-26 12:44 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll

2009-03-24 20:58 . 2009-03-24 20:58

d-------- c:\program files\WinPcap

2009-03-15 01:07 . 2009-03-15 01:08

d-------- c:\program files\iTunes

2009-03-15 01:07 . 2009-03-15 01:07

d-------- c:\program files\iPod

2009-03-15 01:07 . 2009-03-15 01:08

d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-15 01:04 . 2009-03-15 01:05

d-------- c:\program files\QuickTime

2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

2009-02-17 01:09 . 2009-02-17 01:09

d-------- c:\windows\system32\IOSUBSYS

2009-02-12 22:20 . 2009-02-12 22:20 5,630 --------- c:\windows\system32\IE8Eula.rtf

2009-02-03 23:23 . 2009-02-03 23:23

d-------- C:\tmp

 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-03-26 19:51 --------- d-----w c:\program files\Yahoo!

2009-03-26 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!

2009-03-26 19:50 --------- d--h--r c:\documents and settings\Allena Hail\Application Data\yahoo!

2009-03-26 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-03-26 17:20 --------- d-----w c:\program files\McAfee

2009-03-24 23:21 --------- d-----w c:\documents and settings\Allena Hail\Application Data\SiteAdvisor

2009-03-15 08:07 --------- d-----w c:\program files\Common Files\Apple

2009-03-11 01:15 --------- d-----w c:\documents and settings\Allena Hail\Application Data\uTorrent

2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-02-17 08:09 --------- d-----w c:\program files\Google

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-04 06:23 --------- d-----w c:\program files\Anki

2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe

2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll

2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll

2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll

2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll

2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll

2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll

2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll

2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr

2009-01-01 21:50 1,390,118 ----a-w c:\program files\ypops-win-0.9.5.14.exe

2008-12-20 23:15 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-12 19:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-12-12 19:11 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll

2008-12-05 06:54 144,896 ------w c:\windows\system32\dllcache\schannel.dll

2008-04-26 18:59 13,934,776 ----a-w c:\program files\Install_AIM.exe

2007-10-15 01:23 51,422,520 ----a-w c:\program files\iTunes743Setup.exe

2007-03-10 21:36 37,844,544 ----a-w c:\program files\iTunesSetup.exe

1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat

2007-03-06 17:49 56 --sh--r c:\windows\system32\CFB1E89BFF.sys

2007-03-06 17:49 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-08-29 20:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat

.

 

(((((((((((((((((((((((((((((   SnapShot@2009-03-29_10.00.57.43   )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-29 16:36:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-03-29 23:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-03-29 16:36:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-03-29 23:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-03-29 16:55:50 17,159 ----a-w c:\windows\system32\tablet.dat

+ 2009-03-29 23:07:35 17,159 ----a-w c:\windows\system32\tablet.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector"

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-07-05 4538368]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

 

c:\documents and settings\Allena Hail\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-08 156784]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-08 24576]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-12-27 106496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 15:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1133152976\\ee\\aim6.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-06-18 24652]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

\Shell\AutoRun\command - E:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa559ce-090a-11dd-9f60-00038a000015}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

 

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-03-28 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (FROST-Allena Hail).job

- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

 

2009-03-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

 

2009-03-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

 

2009-03-29 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-29 17:50:40

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...  

 

scanning hidden autostart entries ... 

 

scanning hidden files ...  

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1024)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

Completion time: 2009-03-29 17:53:09

ComboFix-quarantined-files.txt  2009-03-30 00:52:22

ComboFix2.txt  2009-03-29 17:02:09

 

Pre-Run: 16,565,047,296 bytes free

Post-Run: 16,549,150,720 bytes free

 

288 --- E O F --- 2009-03-26 17:25:05

I still can't get it to do single-spaced. Sorry.
Things seem okay. Internet Explorer seems to be working okay. My toolbar is still here.
Is there anything else I should do?
Thank you!

3 Apprentice


20.5K Posts

March 29th, 2009 19:00

Please change ComboFix's name back to combofix.exe.

Download -- to your Desktop -- JavaRa.Zip from either of these two sites:
http://prm753.bchea.org/click/click.php?id=9
http://www.majorgeeks.com/JavaRa_d5967.html

  • Unzip the download. This will create a new Folder, JavaRa on your Desktop.
  • Double click this new Folder to open it, and double click the file within: JavaRa to execute the program.
  • Click the button: Remove Older Versions.
  • Agree to the cleanup operation by clicking Yes. After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad view that opens.
  • Click the button: Other Tasks.
  • Choose these options:
    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile
  • Click Go. When it finishes, click OK to close the panel, and then Exit the program.
  • Delete the download, and the unzipped folder and all contents.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Download Java Runtime Environment (JRE) 6 Update 12.
  • Select Windows Offline Installation > SAVE it to your desktop, do not RUN it yet.
  • When the download is complete, close all browser windows and double-click on the saved file to install the update. Be patient: It may take five (5) minutes or more for the installation to complete.
  • If the installation gives you the option to install a toolbar, UNCHECK the option if you don't want it.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Let's see if you can run Hijackthis and Malwarebytes' Anti-Malware now and post logs from those, please.

15 Posts

March 29th, 2009 22:00

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:53:25 PM, on 3/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Sun\SDK\jdk\bin\javaw.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Startup: SDK Tray Menu.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167505897703

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 14003 bytes

 

Malwarebytes' Anti-Malware 1.35

Database version: 1917

Windows 5.1.2600 Service Pack 3

 

3/29/2009 8:56:24 PM

mbam-log-2009-03-29 (20-56-24).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 167675

Time elapsed: 38 minute(s), 42 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACftavtfoy.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACegutpobr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACllkwgkvk.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpjboxemm.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrgfygths.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

Both ran well. How does that look?
Thank you again :)

3 Apprentice


20.5K Posts

March 30th, 2009 14:00

Did you intend to install the Sun Java development tool rather than the one I sent you for?

15 Posts

March 30th, 2009 18:00

I'm sorry, I didn't even notice. Excuse my mistake; I'm sure you're busy.

I will delete the development tool and download the proper one.

Should I run HijackThis again after I download the proper one and post the log?
